Forum Discussion
How to stop inheritance and remove Group permissions on List or Document library using PnP cmdlets
No, I haven't found an answer yet. Actually, I resolved it by enabling the site collection feature called "Limited-access user permission lockdown mode". It helped.
Not sure if this is the proper way.
But I will give your suggestion a try.
Thanks a lot.
Josef
Hi Josef, if you need to completely remove user/group permissions from the list, then you can call the DeleteObject() method on the RoleAssignment object associated with that user/group.
Here is the full snippet for your convenience and for anyone else who stumbles on this post.
(I use the on-prem version of the SharePoint PnP PowerShell module)
Import-Module SharePointPnPPowerShell2016 -DisableNameChecking

$webUrl = 'https://sharepoint.domain.com/sites/mySite'
$groupName = 'External Group'
$listTitle = 'Documents'

Connect-PnPOnline -Url $webUrl -CurrentCredentials

$grp = Get-PnPGroup -Identity $groupName
if ($grp)
{
    ### Make sure Documents library has unique Role Assignments
    $list = Get-PnPList -Identity $listTitle -Includes HasUniqueRoleAssignments
    if (-not $list.HasUniqueRoleAssignments)
    {
        # Break role inheritance (copyRoleAssignments, clearSubscopes)
        $list.BreakRoleInheritance($true, $true)
        $list.Update()
        $list.Context.Load($list)
        $list.Context.ExecuteQuery()
    }

    ### Make sure the Group has no access to Documents library
    # Get list role assignments
    Get-PnPProperty -ClientObject $list -Property RoleAssignments | Out-Null

    # Remove Role Assignment with specified PrincipalId (if exists)
    $ra = $list.RoleAssignments.GetByPrincipalId($grp.Id)
    $list.Context.Load($ra)
    try { $list.Context.ExecuteQuery() }
    catch
    {
        Write-Verbose ("Couldn't retrieve RoleAssignment on '{0}' with PrincipalId '{1}'. Exception: '{2}'" -f $list.Title, $grp.Id, $PSItem.Exception.InnerException.Message) -Verbose
    }

    if ($ra.PrincipalId -eq $grp.Id)
    {
        $ra.DeleteObject()
        $list.Update()
        $list.Context.ExecuteQuery()
    }
}
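
A follow-up check, added here as an example and not part of the original post: because BreakRoleInheritance($true, $true) copies the parent's role assignments onto the list, it is worth listing who still holds access after the group is removed. The script reuses the variable values from the snippet above and reads the standard CSOM properties Member, RoleDefinitionBindings and RoleTypeKind; the report column names are made up for this example.

```powershell
# Added verification example; variable values are the ones used in the post above.
Import-Module SharePointPnPPowerShell2016 -DisableNameChecking

$webUrl    = 'https://sharepoint.domain.com/sites/mySite'
$groupName = 'External Group'
$listTitle = 'Documents'

Connect-PnPOnline -Url $webUrl -CurrentCredentials

$grp  = Get-PnPGroup -Identity $groupName
$list = Get-PnPList -Identity $listTitle -Includes HasUniqueRoleAssignments, RoleAssignments

if (-not $list.HasUniqueRoleAssignments) {
    Write-Warning "'$listTitle' still inherits permissions from its parent."
}

# Build one report row per principal that holds a role assignment on the list.
$report = foreach ($ra in $list.RoleAssignments) {
    # Member and RoleDefinitionBindings are not loaded by default in CSOM.
    Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
    [pscustomobject]@{
        PrincipalId   = $ra.PrincipalId
        Principal     = $ra.Member.Title
        Type          = $ra.Member.PrincipalType
        Roles         = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        # RoleType 'Guest' is the built-in "Limited Access" permission level.
        LimitedAccess = [bool]($ra.RoleDefinitionBindings | Where-Object { $_.RoleTypeKind -eq 'Guest' })
        IsTarget      = ($grp -and $ra.PrincipalId -eq $grp.Id)
    }
}

$report | Sort-Object Principal | Format-Table -AutoSize

# Flag the case where the removal did not take effect.
if ($report | Where-Object IsTarget) {
    Write-Warning "'$groupName' still has a role assignment on '$listTitle'."
} else {
    Write-Output "'$groupName' has no direct role assignment on '$listTitle'."
}
```

Members of the removed group can still reach the list through any other group or direct assignment shown in the report, so review the remaining rows as well as the warning.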